Alerts that are reset or stop being alerts in Orion automatically change to closed. They aren't alerts anymore and are instead just events after they are out of alert conditions.
What I find frustrating is that once they are assigned they don't close themselves.
the other thing to note is that the system will make x attempts to assign to user/group. look at/edit the group and at the bottom, there is a section - If all notification steps (including optional repeats) have been exhausted:
this section tells you what the default action is.
I noticed this morning the same issue but not an alert for an Orion product. As as test I set up our Websense system to send alerts to our alertcentral email account.
This morning I came into 95 alerts that had all been closed due to:
These alerts state when any suspicious activity has taken place on our proxy and therefore would not be reset, as would need to be investigated. As you can see below they have all been closed automatically:
Any explanation on why this occurs, or at least how I can stop this from happening?
verify you have a group set up using the "groups" tab.
then...set up/review the below:
first, look at your settings -> configure alert sources <where ever these alerts are coming from> -> look at routing.
figure out what group it is getting assigned to <if not assigned, then assign to a group>
now go to calendar and create an "on-call" schedule for that group.
to validate default actions of any given group -> click on groups tab and edit the "escalation policy" area. see below: